
ag-ui-knowledge

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a knowledge base for the AG-UI protocol and does not contain any executable scripts or malicious instructions. It provides guidance on best practices, such as using middleware for tool filtering and encrypted reasoning for privacy compliance.
  • [EXTERNAL_DOWNLOADS]: The documentation includes standard instructions for installing official SDKs from NPM (@ag-ui/client) and PyPI (ag-ui-protocol). These references are informational and point to legitimate, well-known package registries.
  • [INDIRECT_PROMPT_INJECTION]: The skill describes a protocol that processes user-supplied messages and tool outputs. It includes documentation on boundary markers (message roles) and security controls like FilterToolCallsMiddleware to mitigate risks associated with untrusted data ingestion. Mandatory Evidence Chain:
    1. Ingestion points: RunAgentInput.messages (documented in concepts/messages.md).
    2. Boundary markers: The protocol uses typed events and roles to delineate content.
    3. Capability inventory: Tool calls and state mutation are core documented capabilities.
    4. Sanitization: The documentation explicitly references FilterToolCallsMiddleware for validating and filtering tool execution.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 18, 2026, 05:06 AM
Security Audit — agent-trust-hub — ag-ui-knowledge